Why Can’t My AI Use Your Business?

SF Scott Farrell โ€ข July 10, 2026 โ€ข scott@leverageai.com.au โ€ข LinkedIn
LeverageAI ยท Agent Addressability

Why Can’t My AI Use Your Business?

Companies keep asking where to put AI in the app. The disruption is the other way around: services that a customer’s authorised agent still cannot use.

๐Ÿ“˜ Want the complete guide?

Learn more: Read the full eBook here โ†’

Picture the product offsite. Under the AI column the stickies write themselves: chatbot for support, smart search, copilot in checkout, a little agent that helps users find events. Every idea assumes the same geometry. The human still enters your world. Your AI still sits inside your attention machine. That is not stupid. It is one generation behind the threat.

Why can’t my AI use your business?

For fifteen years consumer software trained itself to own attention: download, login, notify, navigate, convert. AI arrived and product managers did the rational thing โ€” they put intelligence where the attention already was. The agent world reverses the centre of gravity. Durable intent lives with the user. A personal agent holds authorisation and attention. Services become actuators, not attention prisons.

OLD: USER ATTENTION โ†’ APP
NEW: USER INTENT โ†’ PERSONAL AGENT โ†’ APP/SERVICE

Agent addressability is the service-side question: can an authorised intelligence outside your product perceive relevant state, understand available actions, and safely act for a human without impersonating fingers on your UI? That is different from “add AI.” It is different from “our mobile app has a backend API.” The app is still your client. The personal agent is the customer’s client.

The V1โ€“V4 ladder

Not every “AI feature” is the same generation. Use this ladder before you fund the next sticky.

Rung What you ship Context owner Who acts
V1 Chatbot / help AI App Human still clicks
V2 In-app agent / copilot App Human directs AI inside the app
V3 App’s AI performs actions App App AI operates this product
V4 Service addressable by user’s agent User’s agent User’s AI operates this service among others

Most vendors build V2. The threat is V4.

V1 is a help bubble that links you into search. V2 is a real conversational surface inside the logged-in app โ€” better concierge, same hotel. V3 lets the in-app agent book or cancel for you inside product context; impressive, still app-centric, still unable to hold a full human life without building a creepy second operating system of Scott inside every SaaS. V4 is the discontinuity: the personal agent holds longitudinal intent; the service exposes a machine surface; the happy path needs no product UI.

Human: "Keep me booked into suitable pickleball."
        โ†’ personal agent (calendar, pattern, payment grant)
        โ†’ service (inventory, rules, payment rails)
Human sees: โœ“ Wednesday 7pm booked

The service still does membership, capacity, and policy. Its human interface becomes invisible for the routine loop. The longitudinal model of the person should sit with the person โ€” not be poorly reconstructed as six partial Scotts across six vendors.

Pixels are not a delegation surface

Human UI is pixels, navigation, and interaction. An agent needs something else:

  • State โ€” what is true now
  • Actions โ€” what can be done
  • Delegated authority โ€” who, how far, how long, revoke
  • Consequences โ€” fees, failures, idempotency
  • Subscribe-to-changes โ€” when the world moves

Shipping LLMs onto the left column does not create the right column. “We have an API” usually means the app and maybe partners can talk machine. It rarely means a customer can mint a grant so their agent may book pickleball up to $X until revoked and learn when Wednesday opens. Technically automatable is not agent-addressable. RPA that clicks your UI is a failure mode, not a product strategy.

Keep me booked

The desired sentence is short: keep me booked into suitable pickleball. The current experience is not: open app, survive “things near me,” filter sports you never play, interpret tiny icons for already-booked versus closed, refresh again when the horizon opens.

I want to play pickleball, not refresh the app.

Walk the same service up the ladder. V1 answers “how do I book?” with a link. V2 finds Sunday beginner faster inside the walls. V3 books one Wednesday after confirmation โ€” then next week starts over, treating six bookings as six commands when the evidence was one durable intent. V4 lets the personal agent complete the loop under a grant. If V4 is impossible on your product today, that is a product gap, not a user failure.

The URL was the integration (twenty-five years ago)

This is not a protocol-era invention. In the early 2000s, Freemans Australia ran insurance loss adjusting with Lotus Notes for intermittently connected field adjusters โ€” the right operational system for disaster sites, the wrong system to hand to insurers. The integration was not Notes clients, federation, or EDI megaprojects. It was a claim-scoped signed-ish URL (pre-S3 signing) emailed into the insurer’s own system: a durable pointer to exactly one claim.

The URL was the integration.

Same instinct now: external agents need scoped operability without your human UI, just as external parties needed scoped visibility without your thick client.

Copy agent connection

Product moment next to Share and Export:

Profile โ†’ [Copy agent connection]
        โ†’ paste into personal agent
        โ†’ first fetch: capabilities + instructions + scoped auth
        โ†’ agent operates within grant

Conceptually: API key + API surface + agent instructions in one artefact. Production needs real token hygiene; the product shape still stands. Refuse password-sharing into agents (actions become indistinguishable from the human in audit logs)1 and refuse scrape-as-API as a strategy.

Standards are catching the intuition. MCP authorization models clients making protected requests on behalf of a resource owner, with OAuth resource-server semantics and metadata discovery.2 Google’s A2A protocol uses Agent Cards โ€” JSON capability manifests, often at a well-known URL such as /.well-known/agent.json โ€” and positions itself as complementary to MCP.34 Protocols supply plumbing. They do not decide who holds durable intent. They do not replace provenance and runtime authority design โ€” that is a sibling problem.

When the agent is the customer

UI craft still matters for discovery, trust, and exceptions. Routine transactions migrate to authorised agents. Competition shifts from who owns the home-screen slot to who is reliably operable under a scoped grant with clear consequences and honest change feeds.

When the agent is the customer, UI polish stops being a moat.

Monday plan

  1. Pick one durable customer intent (not a novelty query).
  2. Score state / actions / authority / consequences / subscribe 0โ€“2 each.
  3. Label every AI roadmap item V1โ€“V4.
  4. Design a pilot Copy agent connection for one narrow scope.
  5. Pass/fail: can an authorised external agent complete the intent without UI impersonation?

This article owns the service-side product question only. What the personal agent does with the connection, friction-arbitrage economics, and cryptographic provenance internals are separate conversations. Stop only asking where AI goes in the app. Ask whether the user’s AI can use your business โ€” and if not, build the surface that makes the answer yes.

References

  1. The Hacker News. “AI Agents Are Becoming Authorization Bypass Paths.” โ€” Sharing human credentials with agents makes actions hard to distinguish in audit logs. https://thehackernews.com/2026/01/ai-agents-are-becoming-privilege.html
  2. Model Context Protocol. “Authorization” specification (2025-11-25). โ€” MCP clients make protected requests on behalf of resource owners; servers act as OAuth 2.1 resource servers with protected-resource metadata discovery. https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization
  3. Google Developers Blog. “Announcing the Agent2Agent Protocol (A2A).” โ€” Agents advertise capabilities using an Agent Card in JSON; A2A complements MCP. https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/
  4. Google Codelabs. “Getting Started with Agent2Agent (A2A) Protocol.” โ€” A2A servers expose agent cards at /.well-known/agent.json for discovery. https://codelabs.developers.google.com/intro-a2a-purchasing-concierge
Scott Farrell ยท LeverageAI ยท Full ebook: multi-chapter field guide on agent addressability (V1โ€“V4 ladder, delegation surface, Freemans ancestor, copy-a-URL connection).

Discover more from Leverage AI for your business

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

ยฉ 2026 Leverage AI, Scott Farrell. All rights reserved. This content is made available on a limited, revocable, read-only basis only. No licence or right is granted to copy, reproduce, republish, scrape, store, adapt, summarise, index, embed, or use this content to create derivative works, work product, deliverables, methodologies, training materials, prompts, templates, software, services, research, or commercial outputs, whether by humans or machines, without prior written permission. This restriction includes internal business use, client work, consulting, advisory, implementation, and any use in or for artificial intelligence, machine learning, data extraction, retrieval, evaluation, fine-tuning, or knowledge-base construction.